{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3eca1c7c-e32e-5330-b9b0-5e5946bdf075", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-asm", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:961b89d4-ce53-536c-8817-5a8c5f90b743", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4345155-7b40-5f9b-b367-5c3de1ac73a0", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:507844b3-eefb-53b7-a5fa-a164b536905a", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4616a173-398d-55bc-afd6-c2b90bf5dcde", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f787bab8-66e3-5ccc-992e-22a3ce583c3b", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a748e519-b44c-5485-8566-7eadd868ac73", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e2d1d8c-54a0-56c5-9ec6-a3f30da589ff", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7f8f984-3b39-5ac6-92db-cdb77e651591", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d97e78f4-ada2-5b18-86f9-f7ce715a647c", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e11a0ccc-e914-577f-8215-ab2459f47c57", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2bcc88a-a206-5e38-8ac2-c85f29f5f56d", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:793f0d40-a82b-548a-b737-33deb5b70112", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0582412-7a18-5dbd-b155-7b39a7254281", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51ebd97a-096f-5376-8fd2-7fd75d9229b5", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb70f7f1-7c67-5c89-af46-ed0b50724354", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:613248b2-f6f6-507b-b150-850e9b7ff011", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b91ad6f2-ad37-53cf-bd65-503ac1d3730e", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63d81d36-86bc-52f1-91a7-60b7a0e83929", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c07b11ac-26c3-5a6c-8095-ff3f90f65d0d", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cae6cf1a-5b8d-5ff1-8c07-be1a742bd9ab", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0126e616-5079-503d-9cf1-a48eefc702a8", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2702caad-51e2-5837-b002-7736f92596e6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68254501-620d-5603-82fc-82cc97505717", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f88974f4-e223-54fb-8875-b5b30f14b393", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7496492d-1aee-51c1-a7cb-546e3c2d4bc3", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62f4e310-dab3-5b63-8c30-d74d710f1dc3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:092faec1-2dff-5073-8bd4-a5f2cf0d2b15", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f41e5820-e7af-5e5e-91b5-0d1b30e09cfc", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dace8e00-39b2-571f-89fc-61466aed8876", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ab88cbd-5a2d-51ff-ae67-0441040ed66a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd0df0cb-bbeb-56cd-9fdb-ce96384b101b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a592026-6d53-5eec-b608-253c71df0744", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63a92992-6a05-5e0a-a6c1-56d935d16faf", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:708f8a25-3d94-5552-a33c-8545e1be5d75", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cff97a11-2ff1-5a90-9f2d-41bdba9cc7a3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5cf8b3bf-6837-58c1-a4de-321fc84393bc", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:898bebcb-768e-5e36-b18f-67fa12718ec0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fecfc595-c37e-5c75-9248-4cab637bb44c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bd35d4e-1fdc-564a-9330-91a84dbed21c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4f02d2d-5f5b-5462-a99c-94bcca563751", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bb92409-0b9f-57e9-b98b-a857cca67b2d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c161a9e1-7f81-5642-b063-fd89bce863e3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9e4c4db-09ba-593c-a7da-de70ef4c6dac", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fdac9d4-8e3f-57d7-8960-6b144984f957", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b6804fd-86d3-5e1e-b067-f6be751de8d8", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d111fc39-794f-5fe4-92de-2d3a1a31b021", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af1610f0-6f00-5acf-93d3-14f85a09ffc9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea8691e7-e7cd-5a38-af7d-46e3cd7b94b1", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0daa500-4766-54e1-9912-c108d3f1c300", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed36fd73-d5f2-5602-b295-5819c2a00cb4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bc64676-d288-5458-b5c5-13e808d4b318", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0f677c1-e469-5947-bcc0-6faeff5c57cd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3601057f-f320-5db3-b576-c7ed0bf942d4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db6a2e97-a946-59f8-a3d5-469b12244bb9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:342e1cfb-84fa-57c1-9d08-b97199bef98c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0f5db4f-42f3-56fe-86b5-c68885105b13", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.2" } ] }